Secure negotiation and encryption module

ABSTRACT

A digital subscriber communication terminal includes an adaptive output interface having a device key set, which, along with a subscriber device coupled to the adaptive output interface, determines a “shared secret.” The adaptive output interface uses the “shared secret” to encrypt content and transmits the content to the subscriber device coupled to the adaptive output interface. The digital subscriber communications terminal includes a processor, a memory having an encrypted device key set and an encrypted device key set decryptor stored therein and a secure element having a key decryptor. The secure element is adapted to receive the encrypted device key set decryptor and use the key decryptor to decrypt the encrypted device key set decryptor. The device key set decryptor is provided to the processor, which decrypts the encrypted device key set using the device key set decryptor, and the device key set is loaded into the adaptive output interface.

TECHNICAL FIELD

The present disclosure relates generally to cable television, and, moreparticularly, to a digital subscriber communication terminal adapted totransmit protected digital content to a subscriber device.

BACKGROUND OF THE DISCLOSURE

Subscriber television systems typically employ a receiver, or settopterminal, or digital subscriber communication terminal (DSCT), at eachcustomer premises to receive and decode the programming transmitted tothe user from a central location (commonly referred to in the industryas the “headend”) via a wired infrastructure such as cable or wirelessnetwork. The digital subscriber communication terminal typicallyincludes a receiver, decoder, and processing circuitry. The digitalsubscriber communication terminal is capable of receiving theprogramming information via the network and transforming the receivedsignal to a format that can be presented to the viewer via a televisiondisplay.

Today, subscriber television systems frequently transmit high qualitydigital content to DSCTs of their subscribers. Many subscribers havedigital equipment such as personal computers that can be used to copy,virtually error free, digital content. In order to protect the propertyrights of owners of digital content, it is desirable to have a way toprevent uncontrolled copying of digital content received at the DSCTs.

BRIEF DESCRIPTION OF THE DRAWINGS

The preferred embodiment of the invention, as defined in the claims, canbe better understood with reference to the following drawings. Thecomponents within the drawings are not necessarily to scale relative toeach other, emphasis instead being placed upon clearly illustrating theprinciples of the present disclosure.

FIG. 1 is a block diagram illustrating the cable television systemarchitecture, in accordance with one embodiment.

FIG. 2 is a block diagram illustrating a DSCT, in accordance with oneembodiment.

FIG. 3 is a block diagram of a secure element in a DSCT, in accordancewith one embodiment.

FIG. 4 is a flow chart illustrating a procedure to load a device keyset, in accordance with one embodiment.

FIG. 5 is a flow chart illustrating a process of transmitting content toa subscriber device, in accordance with one embodiment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 is a block diagram illustrating the architecture of thesubscriber television system (STS) 100 in which one preferredembodiment, among others, of the disclosure resides. Subscribertelevision system 100 includes central distribution point, or head end,102 connected via network 104 to a digital subscriber communicationterminal (DSCT) 106. Head end 102 is responsible for, among otherthings, program distribution and provides control functions to DSCT 106.The control functions include the assigning of program entitlements tothe DSCT 106, i.e., granting the DSCT the authority to access programs.

Network 104 can be either a wired network or a wireless network. Wirednetworks include, among others, optical fiber networks, coaxial cablenetworks, and/or a combination of fiber and coaxial cable. Wirelessnetworks include satellite networks and microwave networks, amongothers. Network 104 includes many intermediate devices (not shown) fortwo-way communication between the headend 102 and the DSCT 106. In-bandcommunication is transmitted down stream over multiple quadratureamplitude modulation (QAM) channels from the headend 102 to the DSCT106. Network 104 also includes a bi-directional quadrature phase shiftkeying (QPSK) communication channel over which control information isexchanged between the headend 102 and the DSCT 106. The exchange ofinformation using the QPSK channel of network 104 is independent of theQAM channel to which the DSCT 106 is tuned.

The DSCT 106 receives digital content from the headend 102. Typicallythe digital content is encrypted using encryption techniques well knownto those skilled in the art. U.S. patent entitled “Conditional AccessSystem,” U.S. Pat. No. 6,510,519, which is hereby incorporated byreference in its entirety, provides details on one acceptable example,among others, for encrypting and decrypting content in a subscribertelevision system. Among other things, in such an example, the DSCT 106receives entitlements and long-term keys from the headend 102. Theentitlements grant the DSCT the right to access selected digitalcontent. If the DSCT 106 is entitled to access selected content, thelong-term keys are used to decrypt encrypted content that the DSCT 106is entitled to access. To access a particular program/service carried inthe digital content, the DSCT 106 must have both, the correctentitlement for the particular program/service and the necessarylong-term key.

The DSCT 106 provides digital content to a subscriber device 108 suchas, but not limited to, a high definition television (HDTV) 108, digitalaudio equipment, and other devices adapted to receive digital contentsuch as a digital recorder. Those skilled in the art will appreciatethat in alternative embodiments the DSCT can be located in a variety ofequipment, including, but not limited to, a computer, a TV, a monitor,or an MPEG decoder, among others.

Referring to FIG. 2, the DSCT 106 preferably includes a bus 211, a userinterface 202, a processor 204, a memory 206, a secure element 208, atransceiver 210, a tuner 212, a demultiplexer 214, a cryptographicdevice 216, a converter 218, and an adaptive output interface (AOI) 220.User interfaces are well known to those of ordinary skill in the art;non-limiting examples of user interfaces include key pads and combinedremote control/infrared detector pairs. A subscriber uses the userinterface 202 to input commands such as selecting a “program channel”.It should be noted that a digital program can be, and frequently is,carried along with other digital programs in a transport stream, and thetransport stream is broadcast at a particular frequency over one of theQAM channels in network 104 as in-band communication from the headend102 to the DSCT 106. In a cable network, a single analog program istransmitted at a specific frequency through a 6-megahertz wide frequencyband. Digital programs on the other hand are compressible, and a single6-megahertz wide frequency band can carry multiple digital programs. Forthe purposes of this disclosure, a “program channel” refers to a streamof digital content, which may or may not be multiplexed with otherdigital content. For the purposes of this disclosure, the digitalcontent is described in terms of Motion Pictures Experts Group (MPEG)protocols, which are well known to those skilled in the art. However,MPEG content is used for illustrative purposes only and is anon-limiting example of digital content. Embodiments of the presentinvention are intended to encompass all forms of digital content.

Once a subscriber has selected a program channel, the processor 204 usesMPEG tables, such as network information tables and other system tables,which are stored in the memory 206, to determine the frequency bandcarrying the selected program channel. In addition to tables, the memory206 also includes an encrypted device key set (EDKS) 228 and anencrypted device key set decryptor (EDKSD) 230, both of which aredescribed in detail hereinbelow.

The transceiver 210 is used for two-way communication with the headend102. The transceiver 210 receives out-of-band communication such asEntitlement Management Messages (EMMs) having, among other things,long-term keys and entitlements to services offered by the STS 100included therein.

The processor 204 instructs the tuner 212 to tune to the frequency bandcarrying the selected program. The tuned to frequency carries atransport stream 222, and the tuner 212 provides the demultiplexer 214with the transport stream 222. The demultiplexer 214 parses transporttables from the transport stream 222 and provides the transport tablesto the processor 204.

Transport tables include conditional access tables (CATs), programassociation tables (PATs), and program map tables (PMTs), which are allwell known to those of ordinary skill in the art. The transport stream222 also includes entitlement control messages (ECMs) which areassociated with an encrypted program. The entitlement control messagesprovide decryption information for the program to which they areassociated, and the demultiplexer parses ECMs from the transport stream222 and provides the ECMs to the secure element 208.

Using the transport tables the processor 204 instructs the demultiplexerto parse the selected program from the transport stream 222. Theselected program is carried in a stream of packets, which are identifiedby packet identifiers (PIDs). The processor 204 determines the PIDs ofthe packets carrying the selected program, and the demultiplexer 214passes received packets having matching PIDs to the cryptographic device216.

The cryptographic device 216 receives a string of control words from thesecure element 208. Each control word is used to decrypt a portion ofthe selected program. Typically, each control word in the string ofcontrol words is used to decrypt a minute or less of the program.

The cryptographic device 216 provides the decrypted output to theconverter 218 and to the adaptive output interface (AOI) 220. Theconverter 218 converts the digital content from a digital format to aformat for a non-digital subscriber device, such as an analog TVincluding analog stereo, or an analog stereo system, or a radiofrequency (RF) output.

The AOI 220 is in two-way communication with the subscriber device 108via communication link 224, and supports outputting content according tostandards, such as, but not limited to, “digital video interface” (DVI),“digital transmission content protection” (DTCP), and “high band widthdigital content protection” (HDCP). A digital video interface (DVI) andan IEEE 1394 (firewire) interface are two non-limiting examples ofinterfaces used in the AOI 220.

In one embodiment, the AOI 220 is embodied in an ASIC. The AOI can beimplemented in software, hardware, or a combination thereof. In anotherpreferred embodiment, the AOI is implemented in software or firmwarethat is stored in a memory and that is executed by a suitableinstruction execution system (microprocessor). If implemented inhardware, as in an alternative embodiment, the AOI can be implementedwith any or a combination of the following technologies, which are allwell known in the art: a discrete logic circuit(s) having logic gatesfor implementing logic functions upon data signals, an applicationspecific integrated circuit having appropriate logic gates, aprogrammable gate array(s) (PGA), a field programmable gate array(FPGA), etc.

The AOI 220 includes a device key set (DKS) 226. Typically, the DKS 226is loaded into the AOI 220 during the boot up of the DSCT 106. However,the DKS 226 can also be loaded into the AOI 220 as needed. The AOI 220includes a network monitoring module (NMM) 232 that determines whetheror not a subscriber device is coupled to the communication link 224.When the NMM 232 determines that a subscriber device is coupled to thecommunication link 224, the NMM 232 and the subscriber device establishcommunication using protocols well known to those skilled in the artsuch as, but not limited to, “Extended Display Identification Data(EDID).” Using information from the DKS 226, the NMM 232 determineswhether the subscriber device is authorized to receive digital content.

An authorized subscriber device will include a device key set, which istypically provided to the device during its manufacture. An authoritysuch as a consortium of digital content providers or a consortium ofmanufactures provide device key sets to “authorized” manufactures ofdigital subscriber devices. The “consortium” determines who isauthorized to receive device key sets. Unauthorized manufacturers arenot provided with device key sets. The consortium establishes protocolsby which NMMs use device key sets to determine “shared secrets” andprotocols for encrypting/decrypting content. Non-limiting examples ofthe protocols employed in NMMs include High-Bandwidth Digital ContentProtection (HDCP), Digital Transmission Content Protection (DTCP), andOpenCable CableCARD Copy Protection System. Further details can be foundin specifications such as HDCP revision 1.1, which can be downloaded atwww.digital-cp.com and which is hereby incorporated by reference, andsuch as DCTP specification version 1.3, which can be downloaded atwww.dtcp.com and which is also hereby incorporated by reference.

The AOI 220 communicates with the subscriber device 108, and together,using elements of the DKS 226 and corresponding information private tothe subscriber device 108, they determine a “shared secret.” The sharedsecret is then used in the encryption of digital content transmittedfrom the AOI 220 to the subscriber device 108. The shared secret can beused to encrypt the digital content, or alternatively, can be used togenerate control words for encrypting the digital content. The digitalcontent is encrypted using encryption algorithms well known to thoseskilled in the art such as, but not limited to, Data Encryption Standard(DES), triple Data Encryption Standard (3DES), among others.

Referring to FIG. 3, the secure element 208 includes a processor 302 anda memory 304, the processor 302 and memory 304 are enclosed in tamperresistant packaging 306, which protects the contents of the secureelement 208 from unauthorized access.

The memory 304, which is only accessible to the processor 302, includesentitlements 308, keys 310, and private keys 312. Typically, the keys310 include public-keys (asymmetrical) belonging to the headend 102 andsymmetric keys, such as but not limited to, long term keys provided bythe headend 102. The public keys are usually used for, among otherthings, verifying the digital signature of a message that has beensigned with the corresponding private key. Public key/private key pairsare well known to those skilled in the art and shall not be discussed indetail. RSA is a non-limiting example of an encryption scheme employingasymmetrical public key/private key pairs. Briefly described,asymmetrical key pairs such as private-key/public-key pairs are used forencrypting and digitally signing content. Content encrypted by apublic-key of a private-key/public-key pair can only be decrypted by thecorresponding private-key. Content digitally signed with a private-keyis verifiable with the corresponding public-key. Private-keys are keptprivate/secure, and public-keys are distributed. The symmetric keysincluded in keys 310 are generally used for, among other things,processing the content of an ECM to generate a control word.

The entitlements 308 map granted permissions to programs/servicesprovided by the STS 100. For example, if a subscriber selects a givenprogram such as pay-per-view movie, the processor 302 determines whetherthe DSCT 106 has been granted permission to access that particularprogram by checking the entitlements 308. The processor 302 generatesthe control words to decrypt the particular program, if and only if, theentitlements 308 indicate that the DSCT 106 has been granted permissionto access the selected program. The secure element 208 receives from thedemultiplexer 214 a string of entitlement control messages (ECMs), whichare associated with the program, and the ECMs include a decryptor forgenerating control words associated with the selected program. Theprocessor 302 determines whether the DSCT 106 is entitled to access theselected program using the entitlements 308, and if so, the processor302 uses a long-term key from keys 310 to generate the control wordusing the decryptor included in the entitlement control messages. Thecontrol word is then provided to the cryptographic device 216.

The private keys 312 belong to the DSCT 106 and are never shared withany processor other than processor 302. The private keys 312 areprovided to the memory 304 during the manufacture of the secure element208, and the device that provided the private keys does not retain acopy of any of the private keys. The private keys 312 include aplurality of private keys such as a message private key (MPK) 314 and akey decryptor private key (KDPK) 316.

The headend 102 frequently sends messages such as entitlement managementmessages (EMM) to the DSCT 106 and frequently, the contents of the EMMsare encrypted by the public key corresponding to the MPK 314. Theprocessor 302 uses the MPK 314 to decrypt the message content.Typically, EMMs include one of the keys 310 or instructions for theaddition of an entitlement, or the removal of an entitlement, ordeletion of one the keys 310. In that case, the EMM or selected portionthereof is provided to the secure element 208 by the processor 204. Theprocessor 302 uses the MPK to decrypt the EMM (or portion thereof) andchange the entitlements 308 or add or delete a key 310. Generally thereis no observable output from the secure element 208 when an EMM or aportion of an EMM is processed.

Sometimes, the secure element 208 does output decrypted content. When itdoes so, the secure element 208 receives from the processor 204 a blockof encrypted content and the processor 302 uses the KDPK 316 to decryptthe block. The decrypted block is then output to the processor 204.Generally, the decrypted block includes content matter and padding. Thecontent matter is what was sought to be protected via encryption and thepadding brings the total size of the block up to a desired size forencryption. Among other things, the KDPK 316 is used for decrypting theEDKSD 230.

In one preferred embodiment, during the manufacture of the DSCT 106, thesecure element 208 is securely provided with the KDPK 316 by akey-granting authority. The key-granting authority retains a copy of thepublic-key corresponding to the KDPK 316 but does not retain a copy ofthe KDPK 316. The key-granting authority, which also has authority fromthe “consortium” to install device key sets in DSCTs, generates a key, adevice key set decryptor (DKSD), and uses the DKSD key to encrypt adevice key set, which is then stored in memory 206 as the encrypteddevice key set (EDKS) 228. The key-granting authority then uses thepublic-key corresponding to the KDPK 232 to encrypt the DKSD key, andthe encrypted key is then stored in the memory 206 as the EDKSD 230. Thekey-granting authority then destroys its copy of the DKSD. Because theDSCT 106 is the only device having the private-key (KDPK 316), the DSCT106 is the only device that can decrypt the EDKSD 230 and, therefore,the only device that can decrypt the EDKS 228.

In an alternative embodiment, the key-granting authority uses asymmetrickeys to encrypt/decrypt the device key set. In that case, the keygranting authority generates an encryption key for encrypting the devicekey set and a decryption key for decrypting the device key set. The keygranting authority then encrypts the device key set, which is thenstored in the memory 206 as the EDKS 228, using the encryption key andencrypts the decryption key using the public-key corresponding to theKDPK 316 of the DSCT 106. The encrypted decryption key is then stored inthe memory 206 as the EDKSD 230. The key-granting authority does notretain a copy of the decryption key. Thus, the DSCT 106 is the onlydevice that can decrypt the EDKSD 230.

FIGS. 4 and 5 are flowcharts illustrating various aspects of theoperation of the DSCT 106. The flow charts of FIGS. 4 and 5 show thearchitecture, functionality, and operation of a possible implementationof the DSCT 106. In this regard, each block represents a module,segment, or portion of code, which comprises one or more executableinstructions for implementing the specified logical function(s). Itshould also be noted that in some alternative implementations, thefunctions noted in the blocks might occur out of the order noted inFIGS. 4 and 5. For example, two blocks shown in succession in FIGS. 4and 5 may in fact be executed substantially concurrently or the blocksmay sometimes be executed in the reverse order, depending upon thefunctionality involved, as will be further clarified hereinbelow.

The logic of the preferred embodiment of the disclosure can beimplemented in software, hardware, or a combination thereof. In apreferred embodiment(s), the logic is implemented in software orfirmware that is stored in a memory and that is executed by a suitableinstruction execution system (microprocessor). If implemented inhardware, as in an alternative embodiment, the AIO, NMM, and device keyset can be implemented with any or a combination of the followingtechnologies, which are all well known in the art: a discrete logiccircuit(s) having logic gates for implementing logic functions upon datasignals, an application specific integrated circuit having appropriatelogic gates, a programmable gate array(s) (PGA), a field programmablegate array (FPGA), etc.

Furthermore, the software, which comprise an ordered listing ofexecutable instructions for implementing logical functions, can beembodied in any computer-readable medium for use by or in connectionwith an instruction execution system, apparatus, or device, such as acomputer-based system, processor-containing system, or other system thatcan fetch the instructions from the instruction execution system,apparatus, or device and execute the instructions.

In the context of this document, a “computer-readable medium” can be anymeans that can contain, store, communicate, propagate, or transport theprogram for use by or in connection with the instruction executionsystem, apparatus, or device. The computer readable medium can be, forexample but not limited to, an electronic, magnetic, optical,electromagnetic, infrared, or semiconductor system, apparatus, device,or propagation medium. More specific examples (a non-exhaustive list) ofthe computer-readable medium would include the following: an electricalconnection (electronic) having one or more wires, a portable computerdiskette (magnetic), a fixed computer disk (magnetic), a random accessmemory (RAM) (electronic), a read-only memory (ROM) (electronic), anerasable programmable read-only memory (EPROM or Flash memory)(electronic), an optical fiber (optical), and a portable compact discread-only memory (CDROM) (optical). Note, the computer-readable mediumcould even be paper or another suitable medium upon which the program isprinted, as the program can be electronically captured, via for instanceoptical scanning of the paper or other medium, then compiled,interpreted or otherwise processed in a suitable manner if necessary,and then stored in a computer memory.

Referring now to FIG. 4, the DSCT 106 implements the steps 400 to, amongother things, load the DKS 226 into the AOI 220. In step 402, the DSCT106 is initialized by booting or resetting the operating system of theDSCT 106.

In step 404, the processor 204 passes the EDKSD 230 to the secureelement 208, and in step 406, the processor 302 uses the KDPK 316 todecrypt the EDKSD 230 and generate a device key set decryptor (DKSD).

In step 408, the DKSD is passed from the secure element 208 to theprocessor 204.

In step 410, the processor 204 decrypts the EDKS 228 using the DKSD.Typically, the EDKS 228 was encrypted using symmetric encryptionalgorithms such as, but not limited to, DES or 3DES. It should be notedthat the processor 204 is adapted to decrypt the EDKS 228 using the DKSDregardless of whether the EDKS 228 was encrypted using a symmetricencryption algorithm or an asymmetric algorithm.

Next, in step 412, the processor 204 provides the DKS 226 to the AOI220.

In an alternative embodiment steps 404-412 are not initiated uponinitialization of the DSCT 106. Rather, the AOI 220 includes plug-n-playcapabilities such that the AOI 220 can detect the subscriber devicethrough communication link 224 responsive to the subscriber device 108being coupled to the AOI 220. After detecting the subscriber device 108,the AOI 220 signals the processor 204, which then implements steps404-412.

Referring to FIG. 5, steps 500 illustrate steps taken by the AOI 220 toprovide the subscriber device 108 with digital content. In step 502, AOI220 detects the subscriber device 108. The AOI 220 and subscriber device108 includes the necessary logic for implementing protocols such asplug-n-play for communicating over communication link 224.

In step 504, the AOI 220 uses elements of the device key set 226 todetermine a shared secret with the subscriber device 108. The sharedsecret is only determined if the subscriber device 108 is authorized bythe “consortium” to receive digital content because only authorizedsubscriber devices have a compatible device key set.

In step 506, the AOI 220 uses the shared secret to encrypt the digitalcontent. The shared secret may be used as a key for encrypting thedigital content or the shared secret may be used to generate anencryption key. In either case, the subscriber device 108 operates in acomplementary manner to decrypt the content.

In step 508, the AOI 220 transmits the encrypted content to thesubscriber device over communication link 224. The subscriber device 108can correctly decrypt the content if and only if a shared secret hassuccessfully been determined. The AOI 220 may use protocols that inhibittransmission of protected content to the subscriber device if no sharedsecret has been determined.

It will be apparent to those skilled in the art that many modificationsand variations may be made to the preferred embodiments of the presentdisclosure, as set forth above, without departing substantially from theprinciples of the present disclosure. All such modifications andvariations are intended to be included herein within the scope of thepresent disclosure, as defined in the claims that follow.

1. A settop terminal in a subscriber television system, the settopterminal comprising: a first memory including an encrypted first key andan encrypted device key set stored therein; a secure element including aprocessor and a second memory, wherein the second memory is accessibleonly to the processor and has a private-key of a private-key/public-keypair stored therein, wherein the processor is adapted to decrypt theencrypted first key using the private-key, and wherein the decryptedfirst key is used to decrypt the encrypted device key set; and anadaptive output interface adapted to utilize a device key set todetermine a shared-secret key with a receiver in communication therewithand adapted to provide an encrypted stream of content to the receiverusing the shared-secret key to encrypt the stream of content.
 2. Thesettop terminal of claim 1, wherein the device key set is used withprotocols for high-bandwidth digital content protection.
 3. The settopterminal of claim 1, wherein the device key set is used with protocolsfor digital transmission content protection.
 4. The settop terminal ofclaim 1, wherein the adaptive output interface includes at least one ofa digital visual interface and a High-Definition Multimedia Interface[HDMI].
 5. The settop terminal of claim 1, wherein the output interfaceincludes an IEEE 1394 interface.
 6. The settop terminal of claim 1,further including: a second processor adapted to receive the decryptedfirst key and decrypt the encrypted device key set using the decryptedfirst key and provide the decrypted device key set to the adaptiveoutput interface.
 7. The settop terminal of claim 6, wherein secondprocessor implements a symmetric cryptographic algorithm using thedevice-key set decryptor as a key to decrypt the encrypted device-keyset.
 8. The settop terminal of claim 7, wherein the symmetriccryptographic algorithm is a 3DES algorithm.
 9. The settop terminal ofclaim 7, wherein the symmetric cryptographic algorithm is a DESalgorithm.
 10. The settop terminal of claim 1, wherein the encrypteddevice key set and the encrypted first key are stored in the firstmemory prior to installing the settop terminal in the subscribertelevision system.
 11. In a subscriber television system including aheadend in communication with a plurality of settop terminals includinga given settop terminal, the given settop terminal comprising: a firstmemory including an encrypted first key and an encrypted device key setstored therein; a secure element including a first processor and asecond memory, wherein the second memory is accessible only to the firstprocessor and has a private-key of a private-key/public-key pair storedtherein, wherein the first processor is adapted to decrypt the encryptedfirst key using the private-key; an input port receiving a stream ofcontent from the headend; a second processor adapted to determine fromthe stream of content whether the content of the stream of content isprotected and adapted to receive the decrypted first key and decrypt theencrypted device key set using the decrypted first key; and an adaptiveoutput interface adapted to implement the decrypted device key set todetermine a shared-secret key with a receiver in communication therewithand, responsive to the first processor determining the content isprotected, adapted to provide an encrypted stream of content to thereceiver using the shared-secret key to encrypt the stream of content,and, responsive to the first processor determining the content is notprotected, adapted to provide the stream of content to the receiver. 12.The settop terminal of claim 11, wherein the device key set is used withprotocols for high-bandwidth digital content protection.
 13. The settopterminal of claim 11, wherein device key set is used with protocols fordigital transmission content protection.
 14. The settop terminal ofclaim 11, wherein the adaptive output interface includes at least one ofa digital visual interface and a High-Definition Multimedia Interface[HDMI].
 15. The settop terminal of claim 11, wherein the outputinterface includes an IEEE 1394 interface.
 16. A method of providing areceiver with a stream of content, the method implemented in a settopterminal in a subscriber television system, the method comprising thesteps of: decrypting an encrypted first key using a private-key of aprivate-key/public-key pair belonging to the settop terminal, whereinthe first key is decrypted inside of a secure-element including aprocessor and a memory, wherein the private-key is accessible to onlythe processor; decrypting an encrypted device key set using thedecrypted first key; providing the decrypted device key set to anadaptive output interface of the settop terminal that is incommunication with the receiver; determining a shared-secret key withthe receiver using the decrypted device key set; and outputting thestream of content to the receiver.
 17. The method of claim 16, prior tothe step of outputting, further including the steps of: determiningwhether the content of the stream of content is protected content; andresponsive to determining the content is protected, encrypting thecontent of the stream of content using the shared-secret key, whereinthe output stream of content is encrypted.
 18. The method of claim 17,prior to the step of encrypting the content, further including the stepsof: receiving a second encrypted stream of content; and decrypting thesecond stream of content, wherein the decrypted second stream of contentis the stream of content that is encrypted in the encryption step.
 19. Amethod of providing a receiver with a stream of content, the methodimplemented in a settop terminal in a subscriber television system, themethod comprising the steps of: decrypting an encrypted first key usinga private-key of a private-key/public-key pair belonging to the settopterminal, wherein the first key is decrypted inside of a secure-elementincluding a processor and a memory, wherein the memory is accessible toonly the processor and has the private-key stored therein; decrypting anencrypted device key set using the decrypted first key; providing thedecrypted device key set to an adaptive output interface; negotiating ashared-secret key with the receiver using the decrypted device key set;receiving a stream of content from a headend of the subscribertelevision system; determining whether the receiver is entitled toaccess the stream of content; determining whether the received stream ofcontent is encrypted content; and outputting the stream of content tothe receiver.
 20. The method of claim 19, prior to the step ofoutputting, further including the steps of: determining whether thecontent of the stream of content is protected content; and responsive todetermining the content is protected, encrypting the content of thestream of content using the shared-secret key, wherein the output streamof content is encrypted.
 21. The settop terminal of claim 1, wherein thememory of the secure element further includes a message private keystored therein that is separate from the private-key, wherein theprocessor of the secure element is further adapted to decrypt datawithin entitlement management messages (EMM) provided by a headend ofthe subscriber television system to the settop terminal using themessage private key.
 22. The settop terminal of claim 11, wherein thememory of the secure element further includes a message private keystored therein that is separate from the private-key, wherein theprocessor of the secure element is further adapted to decrypt datawithin entitlement management messages (EMM) provided by the headend ofthe subscriber television system to the settop terminal using themessage private key.
 23. The method of claim 16, further comprising:providing an entitlement management message (EMM) from a headend of thesubscriber television system to the settop terminal; and decrypting datawithin the entitlement management message (EMM) using a message privatekey stored within the memory of the secure-element, wherein the messageprivate key is separate from the private-key.
 24. The method of claim19, further comprising: providing an entitlement management message(EMM) from the headend of the subscriber television system to the settopterminal; and decrypting data within the entitlement management message(EMM) using a message private key stored within the memory of thesecure-element, wherein the message private key is separate from theprivate-key.